5b01ade8e57d6370e5935db58dbf4d30f8ceea782bf50d8847150be1dc67ed97

Analysis

max time kernel
119s
max time network
131s
platform
windows7_x64
resource
win7-20231023-en
resource tags

arch:x64arch:x86image:win7-20231023-enlocale:en-usos:windows7-x64system
submitted
29/10/2023, 22:20

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

5b01ade8e57d6370e5935db58dbf4d30f8ceea782bf50d8847150be1dc67ed97.exe
Size

2.0MB
MD5

031bac72289d15c5bd8192e3d538bc75
SHA1

5fc67b7aa3c5722468817d3c53def6c544e4acb7
SHA256

5b01ade8e57d6370e5935db58dbf4d30f8ceea782bf50d8847150be1dc67ed97
SHA512

e768e44b25cd5472e4a717426399f2b58b6e182b6fbd639d4cc7c214319334136b8ff0e1125d772e7aaf15880c9f232d751ddb9cfb55cf2af8a34761a48d9578
SSDEEP

49152:mcB6t27S9ewSRd3wQis4vTrniMA9uor8sTyXlUII5fhbHJKi:mZtUVrj4vyPQERy1CLbHJKi

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 8 IoCs

pid	Process
2624	rundll32.exe
2624	rundll32.exe
2624	rundll32.exe
2624	rundll32.exe
2480	rundll32.exe
2480	rundll32.exe
2480	rundll32.exe
2480	rundll32.exe

Suspicious use of WriteProcessMemory 26 IoCs

description	pid	Process	procid_target
PID 1544 wrote to memory of 2792	1544	5b01ade8e57d6370e5935db58dbf4d30f8ceea782bf50d8847150be1dc67ed97.exe	28
PID 1544 wrote to memory of 2792	1544	5b01ade8e57d6370e5935db58dbf4d30f8ceea782bf50d8847150be1dc67ed97.exe	28
PID 1544 wrote to memory of 2792	1544	5b01ade8e57d6370e5935db58dbf4d30f8ceea782bf50d8847150be1dc67ed97.exe	28
PID 1544 wrote to memory of 2792	1544	5b01ade8e57d6370e5935db58dbf4d30f8ceea782bf50d8847150be1dc67ed97.exe	28
PID 2792 wrote to memory of 3020	2792	cmd.exe	30
PID 2792 wrote to memory of 3020	2792	cmd.exe	30
PID 2792 wrote to memory of 3020	2792	cmd.exe	30
PID 2792 wrote to memory of 3020	2792	cmd.exe	30
PID 3020 wrote to memory of 2624	3020	control.exe	31
PID 3020 wrote to memory of 2624	3020	control.exe	31
PID 3020 wrote to memory of 2624	3020	control.exe	31
PID 3020 wrote to memory of 2624	3020	control.exe	31
PID 3020 wrote to memory of 2624	3020	control.exe	31
PID 3020 wrote to memory of 2624	3020	control.exe	31
PID 3020 wrote to memory of 2624	3020	control.exe	31
PID 2624 wrote to memory of 2536	2624	rundll32.exe	34
PID 2624 wrote to memory of 2536	2624	rundll32.exe	34
PID 2624 wrote to memory of 2536	2624	rundll32.exe	34
PID 2624 wrote to memory of 2536	2624	rundll32.exe	34
PID 2536 wrote to memory of 2480	2536	RunDll32.exe	35
PID 2536 wrote to memory of 2480	2536	RunDll32.exe	35
PID 2536 wrote to memory of 2480	2536	RunDll32.exe	35
PID 2536 wrote to memory of 2480	2536	RunDll32.exe	35
PID 2536 wrote to memory of 2480	2536	RunDll32.exe	35
PID 2536 wrote to memory of 2480	2536	RunDll32.exe	35
PID 2536 wrote to memory of 2480	2536	RunDll32.exe	35

C:\Users\Admin\AppData\Local\Temp\5b01ade8e57d6370e5935db58dbf4d30f8ceea782bf50d8847150be1dc67ed97.exe
"C:\Users\Admin\AppData\Local\Temp\5b01ade8e57d6370e5935db58dbf4d30f8ceea782bf50d8847150be1dc67ed97.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1544
- C:\Windows\SysWOW64\cmd.exe
  cmd /c .\UI8oM.Cmd
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2792
- - C:\Windows\SysWOW64\control.exe
    contROL.EXe "C:\Users\Admin\AppData\Local\Temp\7zS80639946\GwBYRDAJ.T7"
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:3020
  - - C:\Windows\SysWOW64\rundll32.exe
      "C:\Windows\system32\rundll32.exe" Shell32.dll,Control_RunDLL "C:\Users\Admin\AppData\Local\Temp\7zS80639946\GwBYRDAJ.T7"
      4⤵
      Loads dropped DLL
      Suspicious use of WriteProcessMemory
      PID:2624
    - - C:\Windows\system32\RunDll32.exe
        
        C:\Windows\system32\RunDll32.exe Shell32.dll,Control_RunDLL "C:\Users\Admin\AppData\Local\Temp\7zS80639946\GwBYRDAJ.T7"
        5⤵
        Suspicious use of WriteProcessMemory
        
        PID:2536
      - C:\Windows\SysWOW64\rundll32.exe
        
        "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\shell32.dll",#44 "C:\Users\Admin\AppData\Local\Temp\7zS80639946\GwBYRDAJ.T7"
        6⤵
        Loads dropped DLL
        
        PID:2480

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\7zS80639946\GwBYRDAJ.T7

Filesize
2.0MB

MD5
2be40337389f6bdaa511630529b93ca5

SHA1
fca865bac98104ea19f20f4e794cdfb95394d97b

SHA256
246a01da9e2133a7bb329527b7f106f462c2d94bf4971f3d77ddfe5b78b0017b

SHA512
32f45375f6d3624c5049bf61c7910a48fae7c6fb5dfcb94583d0b79d266c6399686d4e1479e2a44be44b277152a8dcb3e8ca64d2fc87b5e4bffb84c02b6588bb

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS80639946\UI8oM.cmd

Filesize
32B

MD5
9c8d18b9c011bc6c45b68f666440f1de

SHA1
b47d25ba7e193cc7883902831249a25691b48fb5

SHA256
ca5f8575e18ed175282f757affe45bb67630764721612cfe8d0460a96bbdd171

SHA512
5f8943350a03639cd26ce7b0e1f709ac03e0e7d4bc65dceada6d2d7a479d50df24bfa4a47fd03549497a9c9876e1be5ccf14a37b85b299b475c9388378f9dacb

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS80639946\UI8oM.cmd

Filesize
32B

MD5
9c8d18b9c011bc6c45b68f666440f1de

SHA1
b47d25ba7e193cc7883902831249a25691b48fb5

SHA256
ca5f8575e18ed175282f757affe45bb67630764721612cfe8d0460a96bbdd171

SHA512
5f8943350a03639cd26ce7b0e1f709ac03e0e7d4bc65dceada6d2d7a479d50df24bfa4a47fd03549497a9c9876e1be5ccf14a37b85b299b475c9388378f9dacb

Download Submit
\Users\Admin\AppData\Local\Temp\7zS80639946\gwbyRdAJ.T7

Filesize
2.0MB

MD5
2be40337389f6bdaa511630529b93ca5

SHA1
fca865bac98104ea19f20f4e794cdfb95394d97b

SHA256
246a01da9e2133a7bb329527b7f106f462c2d94bf4971f3d77ddfe5b78b0017b

SHA512
32f45375f6d3624c5049bf61c7910a48fae7c6fb5dfcb94583d0b79d266c6399686d4e1479e2a44be44b277152a8dcb3e8ca64d2fc87b5e4bffb84c02b6588bb

Download Submit
\Users\Admin\AppData\Local\Temp\7zS80639946\gwbyRdAJ.T7

Filesize
2.0MB

MD5
2be40337389f6bdaa511630529b93ca5

SHA1
fca865bac98104ea19f20f4e794cdfb95394d97b

SHA256
246a01da9e2133a7bb329527b7f106f462c2d94bf4971f3d77ddfe5b78b0017b

SHA512
32f45375f6d3624c5049bf61c7910a48fae7c6fb5dfcb94583d0b79d266c6399686d4e1479e2a44be44b277152a8dcb3e8ca64d2fc87b5e4bffb84c02b6588bb

Download Submit
\Users\Admin\AppData\Local\Temp\7zS80639946\gwbyRdAJ.T7

Filesize
2.0MB

MD5
2be40337389f6bdaa511630529b93ca5

SHA1
fca865bac98104ea19f20f4e794cdfb95394d97b

SHA256
246a01da9e2133a7bb329527b7f106f462c2d94bf4971f3d77ddfe5b78b0017b

SHA512
32f45375f6d3624c5049bf61c7910a48fae7c6fb5dfcb94583d0b79d266c6399686d4e1479e2a44be44b277152a8dcb3e8ca64d2fc87b5e4bffb84c02b6588bb

Download Submit
\Users\Admin\AppData\Local\Temp\7zS80639946\gwbyRdAJ.T7

Filesize
2.0MB

MD5
2be40337389f6bdaa511630529b93ca5

SHA1
fca865bac98104ea19f20f4e794cdfb95394d97b

SHA256
246a01da9e2133a7bb329527b7f106f462c2d94bf4971f3d77ddfe5b78b0017b

SHA512
32f45375f6d3624c5049bf61c7910a48fae7c6fb5dfcb94583d0b79d266c6399686d4e1479e2a44be44b277152a8dcb3e8ca64d2fc87b5e4bffb84c02b6588bb

Download Submit
\Users\Admin\AppData\Local\Temp\7zS80639946\gwbyRdAJ.T7

Filesize
2.0MB

MD5
2be40337389f6bdaa511630529b93ca5

SHA1
fca865bac98104ea19f20f4e794cdfb95394d97b

SHA256
246a01da9e2133a7bb329527b7f106f462c2d94bf4971f3d77ddfe5b78b0017b

SHA512
32f45375f6d3624c5049bf61c7910a48fae7c6fb5dfcb94583d0b79d266c6399686d4e1479e2a44be44b277152a8dcb3e8ca64d2fc87b5e4bffb84c02b6588bb

Download Submit
\Users\Admin\AppData\Local\Temp\7zS80639946\gwbyRdAJ.T7

Filesize
2.0MB

MD5
2be40337389f6bdaa511630529b93ca5

SHA1
fca865bac98104ea19f20f4e794cdfb95394d97b

SHA256
246a01da9e2133a7bb329527b7f106f462c2d94bf4971f3d77ddfe5b78b0017b

SHA512
32f45375f6d3624c5049bf61c7910a48fae7c6fb5dfcb94583d0b79d266c6399686d4e1479e2a44be44b277152a8dcb3e8ca64d2fc87b5e4bffb84c02b6588bb

Download Submit
\Users\Admin\AppData\Local\Temp\7zS80639946\gwbyRdAJ.T7

Filesize
2.0MB

MD5
2be40337389f6bdaa511630529b93ca5

SHA1
fca865bac98104ea19f20f4e794cdfb95394d97b

SHA256
246a01da9e2133a7bb329527b7f106f462c2d94bf4971f3d77ddfe5b78b0017b

SHA512
32f45375f6d3624c5049bf61c7910a48fae7c6fb5dfcb94583d0b79d266c6399686d4e1479e2a44be44b277152a8dcb3e8ca64d2fc87b5e4bffb84c02b6588bb

Download Submit
\Users\Admin\AppData\Local\Temp\7zS80639946\gwbyRdAJ.T7

Filesize
2.0MB

MD5
2be40337389f6bdaa511630529b93ca5

SHA1
fca865bac98104ea19f20f4e794cdfb95394d97b

SHA256
246a01da9e2133a7bb329527b7f106f462c2d94bf4971f3d77ddfe5b78b0017b

SHA512
32f45375f6d3624c5049bf61c7910a48fae7c6fb5dfcb94583d0b79d266c6399686d4e1479e2a44be44b277152a8dcb3e8ca64d2fc87b5e4bffb84c02b6588bb

Download Submit
memory/2480-31-0x0000000000200000-0x0000000000206000-memory.dmp

Filesize
24KB

Download
memory/2480-36-0x0000000002600000-0x000000000271E000-memory.dmp

Filesize
1.1MB

Download
memory/2480-37-0x0000000002720000-0x0000000002822000-memory.dmp

Filesize
1.0MB

Download
memory/2480-40-0x0000000002720000-0x0000000002822000-memory.dmp

Filesize
1.0MB

Download
memory/2480-41-0x0000000002720000-0x0000000002822000-memory.dmp

Filesize
1.0MB

Download
memory/2624-22-0x00000000025E0000-0x00000000026E2000-memory.dmp

Filesize
1.0MB

Download
memory/2624-25-0x00000000025E0000-0x00000000026E2000-memory.dmp

Filesize
1.0MB

Download
memory/2624-26-0x00000000025E0000-0x00000000026E2000-memory.dmp

Filesize
1.0MB

Download
memory/2624-21-0x00000000024C0000-0x00000000025DE000-memory.dmp

Filesize
1.1MB

Download
memory/2624-16-0x0000000000250000-0x0000000000256000-memory.dmp

Filesize
24KB

Download
memory/2624-17-0x0000000010000000-0x0000000010203000-memory.dmp

Filesize
2.0MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads